Use a domain you own

Lots of businesses start small. It might be tempting to send email from a free Gmail account, but you should avoid it. Free email providers, like Gmail and Hotmail, are great for personal use. They're inappropriate for business use though. They lack professional appeal and erode consumer confidence. If you're using a Gmail address to send a newsletter, your email is more likely to land in a recipient's spam folder than is an email from a domain you own.

Spammers love to use Gmail addresses. They're free and infinitely disposable. When enough email from a Gmail address is categorized as spam, the spammer throws away the old address and creates a new one. As a well-meaning business who's using a Gmail address, you'll have to overcome your recipient's initial distrust when they first receive your email. Using a domain you own is the first step to improving your email deliverability.

Buying a domain is easy, and you can choose from a number of domain registrars that sell them. Hover (not an affiliate link) is the best one. Its pricing is simple and transparent. It doesn't try to upsell customers on services they don't need.

Use a premium email provider

Businesses that own their own domains also tend to have their own websites. Web hosting companies will often provide email to their customers for free. Don't use it. If for some reason, you need to change hosting providers, migrating your email to a new web host will be a significant hurdle. It's best to separate your email hosting from your web hosting. In using a premium email provider, you'll benefit from improved security and a number of additional features.

If you're someone who loves and uses Gmail, Google's own G-Suite is easily your best option. With plans starting at $6/user/month, G-Suite delivers the experience you already know and includes Google's office productivity suite: Drive, Docs, Sheets, Slides, and other applications.

For many, Microsoft delivers the best mix of user experience and capabilities. Office 365 comes with both web applications and desktop applications. It includes Outlook, Word, Excel, PowerPoint, and others. However, plans that provide email hosting (which you want) start at $12.50/user/month, more than twice the cost of Google G-Suite.

Email deliverability starts at your web host

You have one web host and one email host. However, you can send email from several providers. For example, though you may host your email on Google G-Suite, you might also use Mailchimp to send a newsletter. On top of that, you might use a service like Amazon SES to send email. Already, you have three distinct services sending mail as you and on your behalf.

Email service providers include Google, Microsoft, Mailchimp, Amazon, and others.

For each provider that sends email as your domain, you need to create corresponding DNS entries at your web host. These DNS entries act as approval for the email service to send mail as you. In the absence of that approval, anyone could send email as your domain, with or without your permission. In fact, this happens a lot. There's a term for it. When a spammer impersonates a valid entity, it's called spoofing.

Making DNS entries at your web host doesn't actually stop anyone from pretending to be you. Instead, the entries function together to establish your legitimate email providers as trusted senders and any others as not-trusted. Recipient email providers inspect messages for approval traits when processing new email. When you send messages that lack the necessary DNS records as approvals, you have problems with email deliverability. Your recipient never sees your message because it lands squarely in their spam folder.

For each email provider you use, you'll need to create two to three DNS records at your web host. This may sound complicated, but web hosts make it easy, and email providers like Google, Microsoft, and Mailchimp all offer easy-to-follow instructions. They each have incentive for your email to reach its intended recipient. Most help you verify that you correctly created the DNS entry.


SPF stands for "Sender Policy Framework." It's critical to email deliverability. For example, if you're using Mailchimp for your newsletter and don't add an SPF-type DNS record for Mailchimp, you can all but guarantee that your newsletter will be routed directly to your reader's spam folder. The SPF record tells email providers, "I've allowed Mailchimp to send mail as me."

An example SPF-type DNS record for G-Suite.


DKIM stands for "DomainKeys Identified Mail." It adds a message-level signature to every email. When an email is sent, it's signed with a private key. On the receiving side, the mail server validates the signature with a public key, which is the DKIM-type DNS record. Where combined with an SPF record, DKIM delivers a strong signal that your email is legitimate. You don't have to understand how this works, just that more email providers are starting to require DKIM. 

This sounds complicated, but your email provider makes it easy. You copy the DKIM value it gives to you. Then, you'll paste the same value as a DNS record at your web host.


What is it?

DMARC doesn't do any authentication. It produces reporting and stands for "Domain Message Authentication Reporting." DMARC tells you where SPF and DKIM are working and where they're not. You need this for a couple of reasons. First, if someone is emailing people and pretending to be you, you'll want to stop this. This is especially true if you work in financial services, where bad actors might phish for your clients' data. Second, if you're sending messages that are missing SPF or DKIM, you'll need to fix them. Your readers might not be getting your email, and your domain reputation may be taking a hit and hurting your email deliverability. Your domain reputation matters because it drives whether your emails go to the inbox or spam. When it takes damage, it can take months to repair. During that time, customers won't be getting your email.

How to setup reporting

DMARC reporting is ugly. Luckily, Postmark is easy to set up and provides attractive DMARC reporting for free. When creating a DMARC-type DNS record at your web host, you'll have the option of three different policy types. The p= means "policy."

  • p=none. This policy provides no instructions to receiving mail servers. If an email you send is missing and SPF or DKIM record, the receiving mail server will handle it however it wants. This is where you should start. It's DMARC reporting only.

  • p=quarantine. This policy does what the name suggests. If an email you send is missing and SPF or DKIM record, the receiving mail server will quarantine it. This usually means that your message will automatically be moved to spam. There's little reason to ever use this policy.

  • p=reject. This policy is the more severe of the three. If an email you send is missing and SPF or DKIM record, the receiving mail server will refuse to accept it. It won't go to the recipient's spam folder. The recipient won't get it at all. This is where you should end after months of DMARC reporting.

Postmark's setup screen and example DMARC report.

What to do with the reports you receive

Postmark will send you weekly DMARC reports. If you see email providers that are failing SPF or DKIM, fix them. If you see a provider that you don't use, that might be a spammer trying to spoof you. Even after you've fixed any issues, continue with your report-only (p=none) policy for a few months. You never know.

Once you're satisfied that SPF and DKIM are aligned for every email you send, change your policy to "reject" (p=reject). When next someone tries to spoof you, the recipient mail server will reject the spam or phishing email. This is great, especially if you work in a field that deals with NPI (Non-Public Information), where real harm could be done to one of your customers if they're tricked into providing confidential information to someone pretending to be you.

DMARC helps protect your sending domain reputation and achieve a high rate for email deliverability.

Use sub-domains to prevent email deliverability problems

The email-sender reputation for a subdomain differs from the reputation of another subdomain and the root domain. The subdomain has a reputation that differs from Take advantage of this, and use a different subdomain for each type of email you send.

Most businesses send regular, person-to-person email from their root domain, There's little risk of the root domain being flagged as spam because the emails are used to conduct day to day business between people who often know each other. Emails of this nature are not sent to masses of recipients. For this same reason, it would be catastrophic for the root domain – business class or operational emails – to be blacklisted as spam. It could bring work to a halt. Newsletter-type emails get marked as spam all the time. It's not good to expose your root domain to that kind of risk.

Use a different subdomain for each unique class of email you send. The practice is instructive to receiving mail servers and helps them understand the email they're processing. Importantly, it also compartmentalizes your risk. That's a good thing. Should email deliverability suffer in one place, it doesn't have to suffer everywhere.

  • Use a subdomain like "news" for your newsletter.

  • Use a subdomain like "cart" for transactional emails.

  • Use a subdomain like "chat" if you have a chat widget on your website that will send email to visitors.

  • [email protected]. Use your root domain for day to day work, like emailing coworkers and contacts at other companies.

Be a good email citizen

If you want people to read your email, create value for your recipients. The more value you create, the more engagement you'll get. We wrote a whole guide to help you. Read our, "Email marketing guide for brand building." It's full of ideas.

A, "We like you," sign shows email deliverability requires you create value for your readers.

Focus on engagement

The number of recipients on your mailing list is not a badge of honor. What matters is how many people read your emails. Aim for high engagement. That's what helps secure good email deliverability.

Two companies send a newsletter. The first company sends its newsletter to 1,000 subscribers, and 10 people read it. The second company sends its newsletter to 100 subscribers, and 30 people read it. The second newsletter is more effective. It reaches 3 times as many readers with only 1/10 of the total subscribers.

Clean up your list

If people aren't reading your email, remove them from your mailing list. Alternatively, move them to a new segment and send them mail less frequently. Don't keep sending people emails they don't read. Providers like Gmail are smart. When a person routinely deletes messages from the same sender without first reading them, Gmail picks up on that. It will start helping the recipient by automatically moving emails from you to the spam folder. Since it's far easier to get into spam than to get out, it's better that you respond to unengaged recipients by removing them from your list and protecting your domain reputation and email deliverability.

Make unsubscribing easy

Companies do a poor job at this. If a recipient wants to unsubscribe from your mailing list, let them unsubscribe. They're not reading your email anyway. When a recipient can't unsubscribe, you're at best, creating a negative association with your brand. At worst, you're creating the same negative association, and you're forcing the recipient to repeatedly mark your email as spam.

Give people a choice

Lots of businesses collect email addresses in-person by exchanging business cards. If that description fits your business, ask the people you meet if you can add them to your mailing list. Or, ask them in a thank-you note after you meet them. Avoid adding people to your list without their permission.

Great email deliverability is one-part technology knowhow and one-part behavior. Get both parts right and your recipients will get your email. With little patience, you can do it, and your effort will pay dividends to your business.